Oracle January 2025 Patch Update available

With 318 security updates, the available patches protect applications from potential attacks.

Admins of companies with Oracle applications should promptly install the security updates that are now available. If this is not done, attackers can, in the worst case, completely compromise systems. Attackers can exploit many vulnerabilities in Oracle Financial Services, MySQL and WebLogic Server, among others.

Attacks may be imminent

In its report on the quarterly Critical Patch Update, Oracle writes that it has published a total of 318 security updates. To prevent possible attacks, Oracle recommends updating quickly. So far, there have been no reports of attacks already underway. Admins should also ensure that the patches from previous quarterly updates are installed.

If you look at the affected applications listed in Oracle's warning, the majority of the software portfolio is vulnerable. These include, for example, Agile Engineering Data Management, Cloud Native Core Automated Test Suite and Identity Manager.

Security vulnerabilities

Attackers can, among other things, take advantage of a critical vulnerability (CVE-2024-37371) in the Kerberos component of Communications Billing and Revenue Management. Attacks are said to be possible remotely. The description does not specify what attackers can do after a successful attack. It reads as if this would lead to memory errors, which are usually the basis for executing malicious code.

Another critical vulnerability (CVE-2023-46604) threatens Communications Diameter Signaling Router. Here, remote attackers can execute their own code. Admins should study Oracle's post carefully to find the security updates that affect them.

Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible.

Oracle plans the next quarterly update for April 15, 2025.
